Analysis

  • max time kernel
    196s
  • max time network
    211s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 15:34

General

  • Target

    21b26b11d65c8bd05a52f1de722b70b51f3890530aa4e8ff1712d40b9db6c6c1.exe

  • Size

    412KB

  • MD5

    40a8d86bb88caff5720432bcd1515a7c

  • SHA1

    e10bf466cc48e9e39210c3a09042bb166332e128

  • SHA256

    21b26b11d65c8bd05a52f1de722b70b51f3890530aa4e8ff1712d40b9db6c6c1

  • SHA512

    e5794bbd76fac0a2b7d613eeaab4a60e6fdf9788e2ad8be0a2d87f3024ec0dbac60c6260f0e99969e8f3a01fc52fd25b7c071ff1f57d5af6e7583167014a059e

  • SSDEEP

    12288:iak/UKqHXxTxJXuAbw+Gm5VO2WIOIowud+eXaCm3bFKuLInVNe:ia3zHXxT+apo2WInonXu3K6

Score
8/10

Malware Config

Signatures

  • Modifies Windows Firewall 1 TTPs 1 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21b26b11d65c8bd05a52f1de722b70b51f3890530aa4e8ff1712d40b9db6c6c1.exe
    "C:\Users\Admin\AppData\Local\Temp\21b26b11d65c8bd05a52f1de722b70b51f3890530aa4e8ff1712d40b9db6c6c1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4244
    • C:\Windows\SysWOW64\net.exe
      net stop alg
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4164
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 stop alg
        3⤵
          PID:4440
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall set opmode disable
        2⤵
        • Modifies Windows Firewall
        PID:1700

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads